Axcient CEO To MSPs: We Can Help You Keep Customers From Paying Ransomware

Axcient's new AirGap technology, which separates backup requests from the actual backup mechanics to prevent malicious deleting of a business' data, is part of an overall strategy from the company to help MSPs keep customers from paying attackers.


With the rise in ransomware attacks and with the penalty for not paying the ransom for hijacked data potentially much more severe than the cost of the ransom itself, it is important that MSPs find a way to convince customers to not pay it.

That's the message from David Bennett (right in photo), CEO of data protection software and appliance vendor Axcient, who Tuesday told a group of MSPs gathered at this week's XChange 2020 conference that not paying the ransom has been his mantra since he joined the company just over a year ago.

"If you pay the ransom, you are paying the bad guys to continue their attacks," Bennett said.

Sponsored post

[Related: Focus On The MSP: 5 Recent Partner-Friendly Changes At Axcient]

Dealing with ransomware attacks is increasingly important given that worldwide there is a successful attack about every 12 seconds, Bennett said.

A successful ransomware attack leads to an average of 16 days of downtime, he said. Furthermore, 88 percent of companies report being subject to phishing activities.

"Thirty-three percent of people pay the ransom," he said. "Maybe some people don't tell the truth about paying the ransom."

The past two years have seen ransomware activity turn its focus to MSPs and through them to their customers, Bennett said. "It's going to be about MSPs, about your customers and their customers," he said.

He cited a recent attack via an MSP to a provider of health-care technology to about 2,000 customers. "Imagine 2,000 customers coming to your customer, and your customer saying, 'It's not me. It's my IT provider,'" he said.

Data backup and recovery is the last line of defense against ransomware, Bennett said.

Ben Nowacky (left in photo), senior vice president of products at Axcient, said the company wants to future-proof MSPs against the kind of attacks that could impact their customers.

One way it is doing so is with a new technology called AirGap, named after the way data was protected in the past by physical distance between the primary and secondary storage, Nowacky said.

AirGap brings a multipart control at the software layer and the human layer to separate the request to delete data from the mechanics of deleting it. Should someone attempt to delete backup data, the request is routed to an authorized administrator for confirmation, he said. There is also a time delay before the data is accidentally deleted to prevent the deletion.

"Even if you have a very sophisticated attack at the root level, we make sure you can get your data back," he said.

AirGap is enabled on Axcient's data protection software by default, he said.

Axcient also protects data with its Replibit AutoVerify technology, which provides MSPs with automated daily proof that their customers' data can be restored if needed, Nowacky said.

The company is working with MSPs to find new areas where they can further protect data, he said.

"We continue to evolve the platform to keep your business up and running," he said. "It's a cheesy thing, but we like to say, 'We lose sleep at night so you don't have to.'"

Bennett told CRN that AirGap was developed in response to requests from its MSPs, and that it is in the process of being verified by a couple of third-party security companies tasked with seeing if it is possible to break the protection it offers.

"This, stacked up with our AutoVerify technology, lets MSPs verify that the data backed up is good, recoverable data," he said. "And in the event that something bad happens, they know it can be recovered. It's all about adding multiple layers of protection.”

Axcient late last year introduced its X360 converged backup platform that provides single sign-on and a common user experience for MSPs by bringing together its x360Cloud data protection technology for Microsoft Office 365, its x360Sync secure file sync and share technology, and its x360Recover business continuity and disaster recovery software, Bennett said.

"Customers don't want five or six different pieces of technology all managed and supported differently," he said.

For MSPs, having an integrated approach is important given all the ways data can be lost, Bennett said.

For instance, Microsoft makes it clear that it cannot guarantee data from its Office 365 offering can be retrieved. Microsoft said data is retained for 90 days, but if it is deleted, it is gone, he said. And Office 365 instances can be cryptolocked, he said.

AirGap is adding a new layer of security, said Luis Alvarez, president and CEO of Alvarez Technology Group, a Salinas, Calif.-based solution provider and MSP and Axcient channel partner.

"Everybody who's in the MSP space right now, if you're not thinking about security first and foremost, then you're not doing your job," Alvarez said. "This gives an additional tool, an additional service that we can talk to clients about to protect their environments even better."

Alvarez said some of his customers have already experienced ransomware.

"We like to believe we're impervious, but that's not the case," he said. "We subscribe to the NIST cybersecurity framework, and one of the biggest components to that is the ability to recover. And so we're religious about our backups, religious about making sure that, if our clients get ransomware, which is rare but it happens, we can turn around and recover pretty quickly, and they never have to pay the ransom."